Survey Participant Information - How The ABS 
Keeps Your Information Confidential 


The ABS depends on the goodwill and cooperation of Australians, businesses and other organisations to 
provide information in response to its many data collections. A critical way of maintaining such 
cooperation and goodwill is by ensuring that information supplied remains confidential while being used 
as a valuable resource for the production of statistics and supporting statistical research. 


The importance of this is recognised in the Census and Statistics Act, with confidentiality being a 
legislative guarantee to respondents. This is a condition under which the ABS exercises its authority to 
obtain the information it requires to meet the information needs of governments and the community 
generally. 


The ABS meets the confidentiality requirements of the Census and Statistics Act by ensuring that 
information provided to it is: 


e securely maintained 

e only used for statistical purposes 

e not inadvertently revealed in any published statistics, and 

e used safely as unidentifiable microdata files to support research and analysis. 


This statement outlines how the ABS goes about each of these aspects to achieve its excellent record of 
maintaining confidentiality and the resultant public confidence. 


SECURITY 

RESTRICTING USE OF INFORMATION TO STATISTICAL PURPOSES 
AVOIDING INADVERTENT DISCLOSURE IN PUBLISHED STATISTICS 
MICRODATA 

MAKING SURE SECURITY IS WORKING 


SECURITY 
Employee undertaking 


All employees of ABS, regardless of their duties and status of employment, must sign an Undertaking 
of Fidelity and Secrecy on commencement of employment with ABS. This includes contractors. The 
undertaking requires that employees do not disclose information acquired during their employment with 
ABS and continues to apply after ceasing employment. Significant penalties apply for any breach, 
including up to 2 years imprisonment and/or a fine of 120 penalty units ($21,600). 


The importance of confidentiality is communicated to staff in many ways, beginning with induction 
training for all new employees. The ABS organisational culture is one which emphasises the importance 
and need for confidentiality, with the message reinforced to employees in corporate documents, training 
courses and the everyday conduct of their work. 


Building security 


Staff are also reminded of the importance of security many times each day as they go about their work. 
The ABS buildings and computers provide a working environment that physically keeps confidential 
information secure. All entry into an ABS building is through a security area which electronically 
monitors and determines movements into and out of the building, and only staff and escorted visitors are 
able to enter. Some work areas are further restricted to certain staff. 


Computer system security 


The ABS maintains a complex computing environment which is essential for the efficient processing of 
the information it collects, processes and publishes. There are many layers of security including firewalls 
against external intrusion. Staff are reminded each day when they log on to any ABS computer that 
action could be taken if they misuse the computing environment. Audit trails are available for 
examination should investigation be necessary. The security of the ABS environment is formally assessed 
annually to ensure compliance with all Australian Government IT security standards. 


Need to know access to data, even for ABS staff 


Policies and practices for keeping information secure are adhered to by all staff when collecting 
information and processing it to produce statistics. 


Data collected under the Census and Statistics Act can only be accessed by ABS staff if they have a 
genuine 'need to know' that information. An ABS staff member has a genuine 'need to know' if, without 
access, they would be hindered in the performance of their ABS work. ABS staff are only provided with 
the minimum amount of information they 'need to know’. 


During the early phases of data collection names and addresses are necessary to ensure the quality of 
the resulting statistics produced. For example, we occasionally need to contact respondents to verify 
reported data. Access to files where the names and addresses are attached is tightly restricted to people 
working on these types of tasks. 


Data records de-identified as soon as possible 


Once quality has been assured, however, names and addresses are removed, because this information is 
not needed for the production of statistics. Removal provides added protection against any breach of 
security of confidential information. 


Internally generated identifiers are usually attached to each record, but cannot be used to identify a 
respondent. Nevertheless, the combination of these identifiers and the name and address to which they 
refer can be used to make records identifiable. Hence any linked files are carefully protected and only 
available on a strict need to use for work basis. 


Secure disposal of forms 


Once information has been extracted from forms (including electronic records) and coded, and the forms 
are no longer required for verification, editing or quality studies, they are securely stored and eventually 
destroyed in a secure manner in accordance with government policy. 
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RESTRICTING USE OF INFORMATION TO STATISTICAL PURPOSES 


Consistent with the Census and Statistics Act, the ABS can only use the information it collects for 
statistical purposes. This means that the information cannot be used for any administrative, regulatory, 
law enforcement, adjudicatory, or other purpose that affects the rights, privileges, or benefits of a 
particular identifiable individual or organisation. 


AVOIDING INADVERTENT DISCLOSURE IN PUBLISHED STATISTICS 


The Australian Statistician is required to compile and analyse the statistical information collected under 
the Census and Statistics Act and to publish and disseminate the results so that the statistics derived 
from the information collected are available to the public. When releasing statistics it must be done ina 
manner that is "not likely" (in a legal sense) to enable the identification of a particular person or 
organisation. This requires the application of statistical methods which avoid identification while 
allowing sufficient detailed information to be released to make the statistics useful. These methods have 
been developed by statisticians in universities and statistical agencies around the world, including ABS 
statisticians. They are continually being further developed. 


The following basic techniques are applied to tables of statistics likely to contain cells which should be 
kept confidential. 


1. Limiting the detail available (eg collapsing detail in classifications, combining cells). 

2. Slightly altering outputs so that results from analysis based on the data are insignificantly affected yet 
the original values cannot be known with certainty. This method is usually adopted for count data such 
as released from the population census. 

3. Suppressing information. 


There are a small number of explicit situations permitted by legislation where information about 
businesses, but not individuals or households, might be released or controlled access provided to 
unidentified records by persons who are not members of ABS staff. These exceptions are tightly 
prescribed by Determinations of the Census and Statistics Act made by the Minister. Release under a 
Determination also requires the approval of the Australian Statistician. 
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MICRODATA 


An important Determination made under the Census and Statistics Act enables the Australian 
Statistician to provide access to unidentifiable individual statistical records (commonly called microdata) 
to enable wider access to ABS data for social and economic research and analysis. In doing so, the 
Australian Statistician must ensure that all identifying information is removed prior to release and that 
the information is released in a manner that is not likely to enable the identification of a particular 
person or organisation. 


Enabling only, not obligatory 


There is no obligation on the Australian Statistician to release microdata files. The Determination is an 
enabling provision only, and specifies minimum conditions that must be agreed to before access to 
microdata can be granted, and the penalties that apply should these conditions be breached. 


Range of protections for confidentialised microdata release 


The ABS has adopted a manner of release for microdata that protects the data in four ways: 


i) by confidentialising the data on the records 

ii) by providing access in different ways depending on to the level of detail available 

iii) by requiring individual users and their employing organisations to sign undertakings that 
restrict how they use the data, and 

iv) by raising awareness in users as to why it is vital to keep data confidential and what that means 
in practice when they are using the files and publishing results. 


Confidentialising unit record files 


The unit record files are confidentialised by removing name and address information, by controlling and 
limiting the amount of detail available, and by very slightly modifying or deleting data where it is likely 
to enable identification of individuals or businesses. 


When considering requests for access to microdata the Australian Statistician seeks expert advice from 
the organisation’s Disclosure Review Board on whether the data is likely to result in identification of an 
individual person or business. The Disclosure Review Board consists of senior executives who consider 
technical assessments of risk of identification associated with any file considered for release. 


The Australian Statistician personally decides, for each and every confidentialised file, whether or not to 
approve release. Even after that, one of the Deputy Australian Statisticians must approve release of the 
data to every organisation that wishes to use the data. The law requires formal undertakings from each 
organisation which means they are subject to legal penalties if they breach conditions. 


Penalties for breaching the CURF Undertaking 


Any person who fails to comply with an undertaking given by that person, or their organisation on their 
behalf, in respect of a CURF is guilty of an indictable offence, punishable on conviction by a fine not 
exceeding 120 penalty units ($21,600) or imprisonment for a period not exceeding 2 years, or both. 


Any inappropriate activity relating to the use or custody of an ABS CURF may jeopardise any future 
applications for access to ABS CURFs by an individual user and/or the user's organisation. 


Modes of access 


The ABS currently provides a number of ways of accessing microdata, with each method providing 
access to different levels of detail in the data. The methods that provide the most detail are more tightly 
controlled and monitored. This ensures the manner in which the data are released is not likely to 
enable indirect identification of a particular person or organisation. See Microdata access modes and 
levels of detail for further information. 

The access modes are: 


e TableBuilder, where clients can construct, customise save and export tables and graphs, using 
the underlying microdata 

e DataAnalyser, where clients can use underlying microdata to undertake a range of analysis 
techniques such as linear robust, logistic binomial, multinomial, probit and poisson regressions 
as well as other data manipulations such as creating new variables 

e Basic Confidentialised Unit Record Files (CURFs), released on CD-ROM. These are files of 


individual confidentialised records with variables released in broad categories 

Remote Access Data Laboratory (RADL™) facility, where approved users can remotely use 
expanded CURFs. Expanded CURFs contain more variables and/or more detail than basic 
CUREBs. Clients submit analysis jobs to be run against the CURFs which remain in the ABS 
environment, with extra protection provided by the automatic logging of RADL activity and 
subsequent audits of this activity. The data itself cannot be opened or viewed by researchers. 
The ABS Data Laboratory (ABSDL), provides supervised access on ABS premises to expanded 
or specialist CURFs, which contain more variables or detail. All analytical output and other 
material is vetted before being removed from the Data Laboratory. 
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MAKING SURE SECURITY IS WORKING 


Expertise in security and confidentiality techniques 


Keeping information confidential requires constant attention. The ABS invests significant resources in 
establishing and maintaining building and IT security. It has methodologists and other staff developing 
improved technical methods for avoiding inadvertent disclosure of information in published statistics 
and when microdata is being used for research and analysis. Disclosure control is an issue managed by 
all official statistical offices around the world and the ABS contributes to international developments and 
information sharing. 


Senior management oversight 


Confidentiality practices are regularly reviewed by management. Their importance is reinforced in 
corporate and local area plans. Policies and practices are maintained and promoted for all staff to follow. 
Security is overseen by a committee of senior executives chaired by a Deputy Australian Statistician and 
reporting to the Australian Statistician. The Disclosure Review Board is chaired by a senior executive. 
Audits of practices of work areas are conducted regularly, including formal external audits. The IT 
security system has been certified by the Defence Signals Directorate. 


Openness 


Openness is also an important feature of the way the ABS operates. While particular details about 
security and disclosure protection methods are not able to be divulged because it would undermine their 
effectiveness, the ABS is open about the way it goes about its business. It strives to maintain the 
confidence in the organisation held by independent guardians of the public interest (such as the Privacy 
Commissioner) and key stakeholders by discussing its methods and potentially sensitive areas of privacy 
with new developments. It also lets respondents and staff know of the guarantees provided to 
respondents by the Census and Statistics Act. 
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